Spam mail with Gh0st RAT targets Tibet organizations

on Wednesday, March 14, 2012|

AlienVault has detected phishing attacks against Tibetan organizations , apparently from Chinese attackers. AlientValut believe these attacks originate from the same group of Chinese hackers that launched the ‘Nitro’ attacks against chemical and defense companies late last year and are aimed at both spying on and stealing sensitive information about these organizations’ activities and supporters.

After investigating, researchers discovered that the malware being used in this attack is a variant of Gh0st RAT (remote access Trojan), a type of software that enables anything from stealing documents to turning on a victim’s computer microphone.

Gh0st RAT was a primary tool used in the Nitro attacks last year and the variant we uncovered in these attacks seem to come from the same actors. It’s likely that the same group is stealing from major industries as well as infiltrating organizations for political reasons.